<?php
	/**
	 *	Wap Portal Server
	 *
	 *	Copyright (C) 2002 - 2004 Emir Sakic
	 *
	 *	Wap Portal Server
	 *	Developer: Emir Sakic - saka@hotmail.com
	 *  Homepage: http://www.sakic.net
	 *	Date: 15/03/2004
	 * 	Version #: 1.2
	**/

// Add to database
if (isset($admin_id)) {
	if (isset($level) && $level == 'Super') {
		$level = 2;
	} else {
		$level = 1;
	}
	// Replace quotes
	if (!get_magic_quotes_gpc()) $admin_username = str_replace("'","\'",$admin_username);

	if ($admin_id == 'New') {
		$query = "INSERT INTO wps_users VALUES ( '', '$admin_username', '$admin_password', '$level')";
	} else {
		$query = "UPDATE wps_users SET user = '$admin_username', password = '$admin_password', userlevel = '$level' WHERE id = '$admin_id'";
	}
		$result = mysql_query($query)
	    	or die("Insert failed");
	$admin_id = 0;
}

// Delete from database
if (isset($del_id)) {
	$query = "DELETE FROM wps_users WHERE id = '$del_id'";
	mysql_query($query) or die("Delete failed");
	$del_id = 0;
}
?>

<script language="JavaScript">
<!--
function validate(){
	if ((document.form.admin_username.value=="") || (document.form.admin_password.value=="")){
		alert('Please complete the form!');
		return false;
		}
	else {
		return true;
		}
	}
//-->
</script>

  <table width="600">
    <tr>
      <td colspan="2"><a href='index.php' border=0>Home</a> &gt; Administrator
        Management</td>
    </tr>
    <tr>
      <td align="center" width="25%"><b>Manage&nbsp;Admins</b></td>
      <td align="center" width="75%"><b>Add/Edit Administrator</b></td>
    </tr>
    <tr>
      <td valign="top">
        <?// List existing administrators
print "<a href=\"index.php?option=admins\">Add Admin</a><br><br>\n";
$query = "SELECT * FROM wps_users ORDER BY userlevel DESC";
$result = mysql_query($query);
// Use mysql_fetch_row to display links
for ($count = 1; $row = mysql_fetch_row ($result); ++$count) {
	print "        <a href=\"index.php?option=admins&adminid=$row[0]\">$row[1]</a><br>\n";
}?>
      </td>
      <td>
        <?// Read admins from mySQL database
if (isset($adminid)) {
	$query = "SELECT * FROM wps_users WHERE id = '$adminid'";
	$result = mysql_query($query);
	$row = mysql_fetch_row($result);
}
?>
        <form name="form" method="post" action="index.php?<?php echo $_SERVER['QUERY_STRING']; ?>" onSubmit="return validate()">
          <p> <b>Username:</b><br>
            <input type="text" name="admin_username" value="<?php if (isset($adminid)) { echo $row[1]; } ?>">
            <br>
            <b>Password:</b><br>
            <input type="text" name="admin_password" value="<?php if (isset($adminid)) { echo $row[2]; } ?>">
          </p>

<p>Admin Level:
<?php if (isset($adminid) and ($row[3]==2)) {
	print "<input type=\"radio\" name=\"level\" value=\"Super\" checked>Super
	<input type=\"radio\" name=\"level\" value=\"Ordinary\">Ordinary";
} else {
	print "<input type=\"radio\" name=\"level\" value=\"Super\">Super
	<input type=\"radio\" name=\"level\" value=\"Ordinary\" checked>Ordinary";
}?>
</p>
          <input type="hidden" name="admin_id" value="<?php if (isset($adminid)) { echo $row[0]; } else { echo 'New'; } ?>">
          <input type="submit" name="Submit" value="Submit">
        </form>
        <?php if (isset($adminid)) {
		print "<form name=\"delete\" method=\"post\" action=\"index.php?option=admins\">
		<input type=\"hidden\" name=\"del_id\" value=\"$row[0]\">
		<input type=\"submit\" name=\"delete\" value=\"Delete\">
		</form>";
		} ?>
      </td>
    </tr>
  </table>
